Encrypting E-Mail
Jana Jaeger
What is Behind PGP and GPG?
PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard) are the most famous tools for e-mail encryption (of course, other data can be signed and encrypted with them, too). PGP was initially developed in the US. In order to avoid collision with US export regulations and patented algorithms, GnuPG (GPG) was created in Europe and released under the GNU GPL Copyleft.
Basic Principles
This section is meant to provide an insight into the basic principles of e-mail encryption.
Symmetric Encryption
When using symmetric algorithms, both parties use one and the same key for both encryption and decryption. This key has to be kept absolutely secret. Otherwise a third party would easily be able to read everything that is encrypted using this key. Symmetric algorithms have the advantage of not consuming too much computing power. Some well-known examples are DES, Triple-DES (3DES), IDEA, CAST5, BLOWFISH, and TWOFISH.
Asymmetric Encryption
Asymmetric encryption is based on pairs of keys. One key is referred to as the "private" or "secret" key and is only used for decryption. The other one, referred to as the "public key", is distributed to all who might want to send encrypted messages to its owner. The owner of the public key then uses his secret key to decrypt those messages. The secret key cannot be reconstructed from the public key. As the secret key is kept secret by its owner and does not have to be shared with others, the risk of disclosure is much smaller. To communicate with others you just need a collection of their public keys to send them encrypted messages and your own secret key to decrypt the messages they send you. With symmetric encryption, by contrast, every pair of users would need their own shared secret key. A few well-known asymmetric algorithms include RSA, DSA, and ElGamal.
Combining Both
For many real-world applications it makes sense to use a combination of symmetric and asymmetric algorithms. Asymmetric keys are used for authentication. After this has been successfully done, one or more symmetric keys are generated and exchanged using asymmetric encryption. This way the improved security of asymmetric algorithms is combined with the efficiency of symmetric ones. Examples of this are the RSA/IDEA combination of PGP2 or the DSA/BLOWFISH used by GnuPG (GPG).
Signatures and Hashes
Using asymmetric algorithms is a way to make sure nobody but the owner of the secret key is able to read the encrypted message. But still, the recipient has to worry about two things:
- he does not know whether the sender of an encrypted message is the one he pretends to be
- he cannot be sure if the message is identical to the original one
The sender's identity is secured by his signature. To create a signature of a message, the sender uses a hash function which computes a sort of checksum over the message text. The hash value itself is then encrypted with the secret key and sent to the recipient. The recipient is now able to decrypt the signature using the public key and check the hash value. Only identical messages result in identical hash values, and in addition to that they prove the sender's identity, for no one except the sender is able to create a hash value of the original message and encrypt it with his secret key, provided that the secret key was not filched by anyone else.
Achilles' Heel
The knowledge about the real owners of keys is the weak spot of every communication based on asymmetric encryption. A third (and evil-minded) party could generate a pair of keys and give the public key away, telling everybody it belongs to someone else. Everyone who believes this will send messages encrypted with this key. The creator of the false key will then be able to read the messages. If he encrypts the messages again with the public key of the real recipient, he will not be detected easily. Attacks of this sort are referred to as "man-in-the-middle" attacks. They can only be prevented by making absolutely sure that a public key really belongs to the one being designated as owner.
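The signature check from "Signatures and Hashes" and the key-ownership problem described above, as an added example that is not part of the original article. It uses textbook RSA without padding on small constructed keys; the fingerprint format, names and messages are assumptions for illustration, and real PGP/GPG keys and signatures are built differently.

```python
import hashlib

E = 65537  # public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes; returns (public, secret)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(message, n):
    """SHA-256 of the message, reduced below the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, secret):
    n, d = secret
    return pow(digest(message, n), d, n)  # hash transformed with the secret key

def verify(message, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(message, n)  # recover hash, compare

def fingerprint(public):
    """Short hash of a public key (hypothetical format, not OpenPGP's)."""
    return hashlib.sha256(repr(public).encode()).hexdigest()[:16]

# Constructed keys from known Mersenne primes; far too small for real use.
ALICE_PUB, ALICE_SEC = make_keypair(2**61 - 1, 2**89 - 1)
FAKE_PUB, FAKE_SEC = make_keypair(2**107 - 1, 2**127 - 1)  # handed out as "Alice's"

def run_checks():
    msg = b"Transfer 100 EUR to Bob"
    sig = sign(msg, ALICE_SEC)
    forged = b"Transfer 900 EUR to Eve"
    forged_sig = sign(forged, FAKE_SEC)
    # Fingerprint the recipient obtained from Alice in person.
    trusted_fp = fingerprint(ALICE_PUB)
    return {
        "genuine_ok": verify(msg, sig, ALICE_PUB),
        "altered_text_ok": verify(forged, sig, ALICE_PUB),
        "forgery_ok_under_fake_key": verify(forged, forged_sig, FAKE_PUB),
        "forgery_ok_under_real_key": verify(forged, forged_sig, ALICE_PUB),
        "fake_key_fingerprint_matches": fingerprint(FAKE_PUB) == trusted_fp,
    }

if __name__ == "__main__":
    for name, value in run_checks().items():
        print(f"{name}: {value}")
```

The forged message verifies cleanly under the substituted key, so the signature mathematics alone cannot reveal the swap; only the comparison against a fingerprint obtained through a trusted channel does.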
Further Information
This article is an abstract of Kurt Garloff's "How to use GnuPG for e-mail" which can be downloaded from the author's home page.